Chat in Website Security & Risk Analysis

wordpress.org/plugins/chat-in-website

Easily add WhatsApp chat buttons and floating chatboxes to your WordPress site

30 active installs · v1.0.6 · PHP 7.2+ · WP 6.2+ · Updated Dec 8, 2025
Tags: floating-whatsapp, whatsapp-button, whatsapp-chat, whatsapp-plugin
Score: 100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Chat in Website Safe to Use in 2026?

Generally Safe

Score 100/100

Chat in Website has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3mo ago
Risk Assessment

The 'chat-in-website' plugin version 1.0.6 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by using prepared statements for all its SQL queries and properly escaping a high percentage of its output. It also incorporates a reasonable number of nonce and capability checks, suggesting an effort towards securing its functionalities. The complete absence of known CVEs and historical vulnerabilities is a significant strength, indicating a developer that has likely maintained a secure codebase over time or has not attracted significant security scrutiny.

However, there are notable areas of concern. The static analysis reveals a potential risk with one unprotected AJAX handler, which represents a direct entry point that lacks authentication checks. Furthermore, the taint analysis identified four flows with unsanitized paths, all flagged as high severity. While these are not explicitly marked as exploitable vulnerabilities by the analysis tool, high-severity taint flows in conjunction with an unprotected entry point suggest a potential for exploitation if user-supplied data is not handled with extreme care. The limited attack surface is a positive, but the presence of unprotected access and high-severity taint flows warrants attention.

In conclusion, 'chat-in-website' v1.0.6 has a generally good foundation in secure coding practices, particularly regarding database interactions and output sanitization. Its clean vulnerability history is a strong indicator of past security diligence. The primary weaknesses lie in the single unprotected AJAX endpoint and the identified high-severity taint flows. These areas represent the most immediate security risks that should be addressed to further strengthen the plugin's overall security.

Key Concerns

  • Unprotected AJAX handler detected
  • High severity taint flows detected (4)
Vulnerabilities
None known

Chat in Website Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Chat in Website Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (16 prepared)
Unescaped Output: 27 (491 escaped)
Nonce Checks: 5
Capability Checks: 6
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 16 total queries

Output Escaping

95% escaped · 518 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

4 flows · 4 with unsanitized paths
ciws_search_accounts (includes\classes\admin\class-ciws-account-ajax.php:13)
Attack Surface
1 unprotected

Chat in Website Attack Surface

Entry Points: 3
Unprotected: 1

AJAX Handlers 1

auth · wp_ajax_search_accounts · includes\classes\admin\class-ciws-account-ajax.php:10

REST API Routes 1

GET /wp-json/ciws/v1/accounts · includes\classes\class-ciws-api.php:15

Shortcodes 1

[ciws] includes\classes\class-ciws-shortcode.php:9
WordPress Hooks 17
action · plugins_loaded · chat-in-website.php:23
action · admin_menu · includes\classes\admin\class-ciws-admin.php:6
action · admin_post_ciws_create_account_action · includes\classes\admin\class-ciws-crud.php:11
action · admin_post_ciws_edit_account_action · includes\classes\admin\class-ciws-crud.php:12
action · admin_post_ciws_delete_account_action · includes\classes\admin\class-ciws-crud.php:13
action · admin_post_ciws_floating_icon_action · includes\classes\admin\class-ciws-crud.php:18
action · admin_post_ciws_main_action · includes\classes\admin\class-ciws-crud.php:19
action · rest_api_init · includes\classes\class-ciws-api.php:11
action · wp_enqueue_scripts · includes\classes\class-ciws-enqueue.php:9
action · admin_enqueue_scripts · includes\classes\class-ciws-enqueue.php:10
action · enqueue_block_editor_assets · includes\classes\class-ciws-enqueue.php:11
action · wp_footer · includes\classes\class-ciws-floating-icon.php:7
action · woocommerce_single_product_summary · includes\classes\class-ciws-woocommerce.php:11
action · woocommerce_single_product_summary · includes\classes\class-ciws-woocommerce.php:12
action · woocommerce_single_product_summary · includes\classes\class-ciws-woocommerce.php:13
action · woocommerce_single_product_summary · includes\classes\class-ciws-woocommerce.php:14
action · woocommerce_after_single_product_summary · includes\classes\class-ciws-woocommerce.php:15
Maintenance & Trust

Chat in Website Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 8, 2025
PHP min version: 7.2
Downloads: 697

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 30
Developer Profile

Chat in Website Developer Profile

WP Shuffle

8 plugins · 4K total installs

Trust score: 99
Avg Security Score: 98/100
Avg Patch Time: 7 days
Detection Fingerprints

How We Detect Chat in Website

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/chat-in-website/assets/css/ciws-backend.css
/wp-content/plugins/chat-in-website/assets/js/ciws-backend.js
/wp-content/plugins/chat-in-website/assets/css/ciws-fontawesome.css
/wp-content/plugins/chat-in-website/assets/js/ciws-frontend.js
/wp-content/plugins/chat-in-website/assets/css/ciws-frontend.css
/wp-content/plugins/chat-in-website/assets/js/ciws-whatsapp-block.js
Script Paths
/wp-content/plugins/chat-in-website/assets/js/ciws-backend.js
/wp-content/plugins/chat-in-website/assets/js/ciws-frontend.js
/wp-content/plugins/chat-in-website/assets/js/ciws-whatsapp-block.js
Version Parameters
chat-in-website/assets/css/ciws-backend.css?ver=
chat-in-website/assets/js/ciws-backend.js?ver=
chat-in-website/assets/css/ciws-fontawesome.css?ver=
chat-in-website/assets/js/ciws-frontend.js?ver=
chat-in-website/assets/css/ciws-frontend.css?ver=
chat-in-website/assets/js/ciws-whatsapp-block.js?ver=

HTML / DOM Fingerprints

CSS Classes
ciws-floating-right
ciws-desktop-hide
ciws-mob-hide
HTML Comments
<!-- Account Table -->
<!-- CIWP Account Settings Table Query -->
Data Attributes
data-account_id
data-account_name
data-ciws_account_details
JS Globals
ciwsData